WordPress Security - Checkout this Email I get Often - 2 Things to Protect Your WP SIte
Hi Warriors,
Long time
I just wanted to let my fellow warrior friends know about an important security aspect of your WordPress sites.
You may know that last time WordPress was under big attack , it was mostly about one big think i.e. username: admin
You can see that THREAD here:
http://www.warriorforum.com/main-int...mple-step.html
Now everyone was asked to never use, 'admin' username, however many people still have that username so if you have not acted already here is a reminder... read the email below (I got such emails often for my WordPress sites):
This email was sent from your website "WarMarks" by the Wordfence plugin at Saturday 31st of May 2014 at 08:51:31 PM
The Wordfence administrative URL for this site is: http://www.warmarks.com/wp-admin/adm...page=Wordfence
==================Email I received from security plugin on my site============
A user with IP address 85.103.248.51 has been locked out from the signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 5. The last username they tried to sign in with was: 'admin'
User IP: 85.103.248.51
User hostname: 85.103.248.51.dynamic.ttnet.com.tr
=============
Now in above email, see how some hacker or bot is trying to break into my site, using 'admin' username (Thank God i dont have that username), also to protect such brute force attacks, I have installed security plugin 'Wordfence' (free plugin, no affiliation) and set the maximum tries for login to 5 to protect against such attacks.
This leads to my Warrior forum post to ask all friends who use WordPress that please ensure:
1. That you have not, 'admin' as username.
here is link how to change it:
Change your WordPress admin Username
1a. Have strong password, see this link:
Selecting a Strong*Password — Support — WordPress.com
2. Limit number of login tries one can have on your site to avoid brute force... any plugin like Login Lockdown or similar will work. However I like Wordfence, it is a security plugin, which have good anti virus, firewall, and other security features like Lockdown the failed tries for login and etc... so you should install this or any other similar plugin to protect your website.
Thank you,
Mohsin
PS. Also never forget to take full automatic backups of your WordPress sites... any free plugin like BackWpup will help to backup your site daily to DropBox or Amazon S3 to have your secure backup of your important sites.
Long time
I just wanted to let my fellow warrior friends know about an important security aspect of your WordPress sites.
You may know that last time WordPress was under big attack , it was mostly about one big think i.e. username: admin
You can see that THREAD here:
http://www.warriorforum.com/main-int...mple-step.html
Now everyone was asked to never use, 'admin' username, however many people still have that username so if you have not acted already here is a reminder... read the email below (I got such emails often for my WordPress sites):
This email was sent from your website "WarMarks" by the Wordfence plugin at Saturday 31st of May 2014 at 08:51:31 PM
The Wordfence administrative URL for this site is: http://www.warmarks.com/wp-admin/adm...page=Wordfence
==================Email I received from security plugin on my site============
A user with IP address 85.103.248.51 has been locked out from the signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 5. The last username they tried to sign in with was: 'admin'
User IP: 85.103.248.51
User hostname: 85.103.248.51.dynamic.ttnet.com.tr
=============
Now in above email, see how some hacker or bot is trying to break into my site, using 'admin' username (Thank God i dont have that username), also to protect such brute force attacks, I have installed security plugin 'Wordfence' (free plugin, no affiliation) and set the maximum tries for login to 5 to protect against such attacks.
This leads to my Warrior forum post to ask all friends who use WordPress that please ensure:
1. That you have not, 'admin' as username.
here is link how to change it:
Change your WordPress admin Username
1a. Have strong password, see this link:
Selecting a Strong*Password — Support — WordPress.com
2. Limit number of login tries one can have on your site to avoid brute force... any plugin like Login Lockdown or similar will work. However I like Wordfence, it is a security plugin, which have good anti virus, firewall, and other security features like Lockdown the failed tries for login and etc... so you should install this or any other similar plugin to protect your website.
Thank you,
Mohsin
PS. Also never forget to take full automatic backups of your WordPress sites... any free plugin like BackWpup will help to backup your site daily to DropBox or Amazon S3 to have your secure backup of your important sites.